Buffer Overflow Exploit found in Nginx Server 1.3.9-1.4.0

Earlier this month Nginx disclosed that there was a buffer exploit vulnerability in some versions of their product. Recently, Metasploit released an exploit module for the vulnerability.

Nginx, the ever popular opensource HTTP Server and Proxy publicly disclosed that a Buffer Overflow was discovered in versions 1.3.9 – 1.4.0. According to Shodan there are almost 3 million servers on the web that use Nginx with almost 12,000 running the affected versions.

A notification from Nginx stated that a specially crafted request could trigger a stack-based buffer overflow:

This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in the ngx_http_parse_chunked() by supplying an overly long hex value as chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, thus the overflow becomes possible.

The issue has been fixed in Nginx 1.4.1 & 1.5.0 and a patch is available (see Nginx announcement above).